package com.bootsecurity.security.controller;

import com.bootsecurity.security.bean.SysUser;
import com.bootsecurity.security.util.Msg;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.*;

/**
 * Created with IntelliJ IDEA.
 * Description:
 * User: liubin
 * Date: 2018-01-03
 * Time: 下午 5:59
 */
@Controller
public class HomeController {

    @RequestMapping("login")
    public Object login(@AuthenticationPrincipal SysUser loginedUser, @RequestParam(name = "logout", required = false) String logout){
        if (logout != null) {
            return null;
        }
        if (loginedUser != null) {
            return loginedUser;
        }
        return "login";
    }


    @RequestMapping("/")
    public String index(Model model) {
        Msg msg = new Msg("测试标题", "测试内容", "额外信息，只对管理员显示");
        model.addAttribute("msg", msg);
        return "main";
    }

    @RequestMapping(value = "getUser",method = RequestMethod.GET)
    @ResponseBody
    public String getUsers() {
        return "getUsers";
    }

    @Secured({"ADMIN","USER"})//此方法只允许 ROLE_ADMIN 和ROLE_USER 角色 访问
    @RequestMapping(value = "save",method = RequestMethod.POST)
    @ResponseBody
    public Object save(@RequestBody SysUser user) {
        return "save";
    }


    @Secured("ADMIN")//此方法只允许 ROLE_ADMIN 角色访问
    @RequestMapping(value = "update")
    @ResponseBody
    public String update() {
        return "updateUser";
    }

    @Secured("ADMIN")//此方法只允许 ROLE_ADMIN 角色访问
    @RequestMapping(value = "delete")
    @ResponseBody
    public String delete() {
        return "deleteUser";
    }

}
